mirror of
https://github.com/cupcakearmy/cryptgeon.git
synced 2026-06-10 11:16:48 +00:00
Stefan Meinecke
1a243cc96a
Swap redis:7-alpine images to valkey/valkey:7-alpine across all
docker-compose files and example READMEs. Keep service name as
"redis" so that the default REDIS=redis://redis/ connection string
still resolves correctly in Docker networking.
Also add turbofish type annotations to redis crate calls in store.rs
for Rust 2024 never-type-fallback compatibility, and fix a typo
("notion" -> "note") in an error message.
3.8 KiB
3.8 KiB
Install from scratch.
This is a tiny guide to install cryptgeon on (probably) any unix system (and maybe windows?) from scratch using traefik as the proxy, which will manage certificates and handle https for us.
- Install Docker & Docker Compose.
- Install Traefik.
- Run the cryptgeon.
- [Optional] install watchtower to keep up to date.
Install Docker & Docker Compose
Install Traefik 2.0
Traefik is a router & proxy that makes deployment of containers incredibly easy. It will manage all the https certificates, routing, etc.
/foo/bar/traefik/
├── docker-compose.yaml
└── traefik.yaml
# docker-compose.yaml
version: '3.8'
services:
traefik:
image: traefik:2.6
restart: unless-stopped
ports:
- '80:80'
- '443:443'
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik.yaml:/etc/traefik/traefik.yaml:ro
- ./data:/data
labels:
- 'traefik.enable=true'
# HTTP to HTTPS redirection
- 'traefik.http.routers.http_catchall.rule=HostRegexp(`{any:.+}`)'
- 'traefik.http.routers.http_catchall.entrypoints=insecure'
- 'traefik.http.routers.http_catchall.middlewares=https_redirect'
- 'traefik.http.middlewares.https_redirect.redirectscheme.scheme=https'
- 'traefik.http.middlewares.https_redirect.redirectscheme.permanent=true'
networks:
default:
external: true
name: proxy
# traefik.yaml
api:
dashboard: true
# Define HTTP and HTTPS entrypoint
entryPoints:
insecure:
address: ':80'
secure:
address: ':443'
# Dynamic configuration will come from docker labels
providers:
docker:
endpoint: 'unix:///var/run/docker.sock'
network: 'proxy'
exposedByDefault: false
# Enable acme with http file challenge
certificatesResolvers:
le:
acme:
email: me@example.org
storage: /data/acme.json
httpChallenge:
entryPoint: insecure
Run
docker network create proxy
docker-compose up -d
Cryptgeon
Create another docker-compose.yaml file in another folder. We will assume that the domain is cryptgeon.example.org.
/foo/bar/cryptgeon/
└── docker-compose.yaml
version: '3.8'
networks:
proxy:
external: true
services:
redis:
image: valkey/valkey:7-alpine
# This is required to stay in RAM only.
command: valkey-server --save "" --appendonly no
# Set a size limit. See link below on how to customise.
# https://valkey.io/docs/latest/operate/rs/databases/memory-performance/eviction-policy/
# --maxmemory 1gb --maxmemory-policy allkeys-lrulpine
# This prevents the creation of an anonymous volume.
tmpfs:
- /data
app:
image: cupcakearmy/cryptgeon:latest
restart: unless-stopped
depends_on:
- redis
environment:
SIZE_LIMIT: 4 MiB
networks:
- default
- proxy
labels:
- traefik.enable=true
- traefik.http.routers.cryptgeon.rule=Host(`cryptgeon.example.org`)
- traefik.http.routers.cryptgeon.entrypoints=secure
- traefik.http.routers.cryptgeon.tls.certresolver=le
Run
docker-compose up -d
Watchtower
A container-based solution for automating Docker container base image updates.
Watchtower will keep our containers up to date. The interval is set to once a day and also configured to delete old images to prevent cluttering.
/foo/bar/watchtower/
└── docker-compose.yaml
# docker-compose.yaml
version: '3.8'
services:
watchtower:
image: containrrr/watchtower
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
command: --cleanup --interval 86400